“The bad guys are getting very good, and they’re improving...” said the FBI cybercrime director in November 2023. Cybercrime has evolved and at a faster rate than the organizations tasked with stopping it. The reasons are many.
Cybercrime offers several advantages to offenders:
The ability to commit crimes without being physically exposed
The possibility of remaining (almost) completely anonymous
The increasing digitalization of assets—especially financial ones
Global legal gaps that make prosecution difficult
Cybercrime began in the 1980s, driven by curiosity and the desire to have fun. Entering the new millennium, these actors shifted their goals toward something more tangible: money. By 2010, following the model of organized crime in the physical world, cybercriminals began forming international criminal syndicates. The stereotypical hooded hacker if they ever truly existed gave way to business-style professionals operating in large organizations whose business model focused on illegally obtaining financial assets.
A smaller group maintained the spirit of early hackers, motivated by ideology, giving rise to hacktivism movements such as Anonymous and Snowden.
In the 2020s, cybercrime evolved again. Motivated not only by the global pandemic which forced most transactions into the digital realm but also by the escalation of armed conflicts around the world, cybercriminals aligned themselves with different geopolitical interests.
Armed conflicts provide the perfect environment for criminal activity. The same applies in cyberspace. For the first time, financially motivated actors and ideological actors found common ground under a new operational structure: State-aligned cyber groups such as Killnet, CONTI, and Lockbit.
Era solo darle un pequeño giro al modelo de negocio: ya no busco aleatoriamente a mí víctima, sino que lo hago alineado a determinados intereses geopolíticos. ¿Qué ganaron con esta postura? Mucho, ya que los nuevos “aliados” no van a perseguirlos (“el enemigo de mi enemigo es mi amigo”) y las víctimas ven el ciberataque como una acción deliberada guiada por estos intereses. ¿Estamos ante ataques de falsa bandera? Probablemente. Negocio redondo para la ciberdelincuencia.
The business model shifted slightly:
They no longer select random victims they attacked in alignment with geopolitical objectives.
What did they gain?
A lot. Their new “allies” would not pursue them (“the enemy of my enemy is my friend”) and victims interpreted attacks as politically directed, not purely criminal. Some may even be false-flag operations.
A perfect business model for cybercriminals.
Is there a light at the end of the tunnel?
Unfortunately, no not today. Hope does not match reality.
What can Uruguayan companies do in this environment? We do have one advantage: time. If we can slow attackers down, they are likely to move on to easier victims. For that reason, it is appropriate to quote the movie title: “Never retreat, never surrender.”